CVE-2026-35333

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-35333. PoCs published by Lukas Johannes Moeller.

AI-analyzed exploit summary This exploit demonstrates a pre-authentication denial-of-service (DoS) vulnerability in strongSwan's RADIUS DAE plugin by sending a malformed RADIUS Access-Request packet with a zero-length attribute, causing an infinite loop in the worker thread.

Description

strongSwan 5.9.13 - DoS

Exploits (1)

exploitdb WORKING POC

by Lukas Johannes Moeller · pythondosmultiple

https://www.exploit-db.com/exploits/52586

View Code ZIP pw:eip

This exploit demonstrates a pre-authentication denial-of-service (DoS) vulnerability in strongSwan's RADIUS DAE plugin by sending a malformed RADIUS Access-Request packet with a zero-length attribute, causing an infinite loop in the worker thread.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: strongSwan <= 5.9.13 (with eap-radius plugin and DAE enabled)

No auth needed

Prerequisites: strongSwan with eap-radius plugin built with DAE enabled · DAE listener bound on UDP/3799 · network access to the target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed May 30, 2026 Full analysis →

strongSwan 5.9.13 - DoS

Exploitation Summary

Description

Exploits (1)

Details